05-28-2012 05:15 AM - edited 03-04-2019 04:29 PM
Hi All
Can someone explain me what these statements are there for
The config is from our MPLS router located in HeadOffice
router bgp 4550
no synchronization
bgp log-neighbor-changes
redistribute ospf 5 match internal external 1 external 2 route-map controlled-ospf
neighbor 172.16.16.253 remote-as 4500
neighbor 172.16.16.253 route-map routes_in in
no auto-summary
route-map controlled-ospf permit 10
match ip address 25
access-list 25 permit 192.168.1.0 0.0.0.255
access-list 25 permit 192.168.2.0 0.0.0.255
access-list 25 permit 192.168.3.0 0.0.0.255
ip prefix-list routes_in seq 10 permit 192.168.10.0/24
cheers
Anthony
Solved! Go to Solution.
05-28-2012 06:34 AM
Hello Anthony,
the router configuration is related to HeadOffice if I correctly understand.
the route filters that are configured allow to advertise 3 subnets to the MPLS SP router those described by ACL 25. (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24).
This is performed by route-map controlled-ospf, no filters are applied on the BGP session in the outbound direction.
The remote office router can receive up to 3 IP subnets from SP router those listed above.
From SP router on BGP session the headoffice router accepts only the subnet 192.168.10.0/24 described by the IP prefix-list routes_in.
You may want to modify the route-map controlled-ospf if only one IP subnet should be advertised to the MPLS SP router.
I would suggest to configure a new standard ACL like
access-list 26 permit 192.168.x.0 0.0.0.255
and then you change the line
match ip address 25
in
match ip address 26
in route-map controlled-ospf.
Hope to help
Giuseppe
05-28-2012 05:33 AM
Anthony,
The bgp config and route maps are showing the "controlled-ospf" is redistributing ospf orutes that match acl 25 (192.168.1.0, 2.0, and 3.0/24). It's not going to redistribute any other routes into bgp that doesn't match this route-map. I can't tell you about routes-in without seeing the route map, but I see the prefix list. The route-map could be doing anything from denying the route, permitting only the route, or setting different attributes when being received from the neighbor.
Changing from standard to extended can't be done without creating a new extended acl. What are you wanting to accomplish with it?
HTH,
John
05-28-2012 05:36 AM
Hello Anthony,
controlled-ospf is a route-map that decides what OSPF routes are advertised in BGP, currently only subnets described in ACL 25.
This ACL 25 likely describes the IP subnets that are local ( = on site)
routes_in is another route-map that is used as a route filter on received routes on the BGP session with MPLS SP PE router.
You haven't provided the configuration of route_in, However it should invoke a prefix-list with the same name that you have reported.
An extended ACL is not strictly needed in route filtering, the modern way to perform route filtering is the use of prefix-lists like the one you have reported.
The use for extended ACL in route filtering was introduced to express a range of subnet masks values.
A line like
access-list 125 permit ip 192.168.1.0 0.0.0.0 0.0.0.255 0.0.0.0
is equivalent to the first line of ACL 25
ACL 25 can be modified by adding lines if there is a new IP subnet on the site.
Hope to help
Giuseppe
05-28-2012 05:58 AM
Hi Giuseppe
I added the missing part
****
route-map routes_in permit 12
match ip address prefix-list routes_in
!
router ospf 5
log-adjacency-changes
redistribute bgp 4550 subnets
passive-interface default
no passive-interface FastEthernet0/1
***
which statement restricts what subnet are sent from Headoffice MPLS Router to Remote_offfice connected via MPLS ( remote office should have access to one subnet from headoffice )
cheers
Anthony
05-28-2012 06:34 AM
Hello Anthony,
the router configuration is related to HeadOffice if I correctly understand.
the route filters that are configured allow to advertise 3 subnets to the MPLS SP router those described by ACL 25. (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24).
This is performed by route-map controlled-ospf, no filters are applied on the BGP session in the outbound direction.
The remote office router can receive up to 3 IP subnets from SP router those listed above.
From SP router on BGP session the headoffice router accepts only the subnet 192.168.10.0/24 described by the IP prefix-list routes_in.
You may want to modify the route-map controlled-ospf if only one IP subnet should be advertised to the MPLS SP router.
I would suggest to configure a new standard ACL like
access-list 26 permit 192.168.x.0 0.0.0.255
and then you change the line
match ip address 25
in
match ip address 26
in route-map controlled-ospf.
Hope to help
Giuseppe
05-28-2012 10:03 PM
Thanks mate
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide